package org.example.springsecurity_.config;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
public class SecurityConfig {
    @Bean
    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
        http.csrf().disable().authorizeHttpRequests(auth ->auth
                .requestMatchers("/userLogin.html").permitAll()//允许所有人访问登录页
                .requestMatchers("/hello").permitAll()//放行hello接口
                .anyRequest().authenticated()//其他请求需要认证
        ).formLogin(login ->login
                .loginPage("/userLogin.html")//指定自定义的登录页
                .loginProcessingUrl("/login")//指定SpringSecurity处理登录请求的url
                .permitAll()
        );

        return http.build();
    }
}
